All,
Due to an accidental switch of CVEs by VUPEN in their two advisories on OV
NNM, there's a little bit of confusion about CVE numbers. I've clarified
things with both VUPEN and HP.
CVE-2010-2703 is for the ov.dll vector, found by both ZDI and VUPEN,
listed in HPSBMA02557 and SSRT100025. VUPEN's ov.dll advisory
inadvertently used the wrong CVE.
CVE-2010-2704 is for the VUPEN-discovered nnmrptconfig.exe vector, covered
in HPSBMA02558 / SSRT100158 (also SSRT010158, presumably a typo in the HP
advisory ID).
- Steve